Preview Tool

Last Modified

Jun 30, 2016

Products (1)

Cisco 4400 Series Wireless LAN Controllers

Known Affected Releases

5.2(148.0)

Description (partial)

Symptom:
Radius authentications will fail from WCS 5.2.0.148 with invalid username/password message in the web GUI. Trace logs indicate message-authenticator was invalid. However ACS shows a passed authentication.
This is caused by a different order of radius attributes than the WCS expects. The message-authenticator has to be the last attribute in the packet. If the radius traffic is captured and the message-authenticator is before the other attributes in the packet order, the the authentication will fail.
Conditions:
Radius authentication with:
ACS 5.0
Some third party radius servers